Change authorization header key (#6)

* Change authorization header key

as the use of headers starting with X- has been deprecated in RFC6648.

* Update configuration.example.yaml

Co-authored-by: Sebastian Serth <MrSerth@users.noreply.github.com>

configuration.example.yaml

@@ -4,7 +4,7 @@ server:
   address: 127.0.0.1
   # Port on which the webserver listens
   port: 7200
-  # If set, this token is required in the X-Poseidon-Token header for each route except /health
+  # If set, this token is required in the `Poseidon-Token` header for each route except /health
   token: SECRET
   # Configuration of TLS between the web client and Poseidon.
   tls:

docs/security.md

@@ -10,12 +10,12 @@
 
 The API supports authentication via an HTTP header. To enable it, specify the `server.token` value in the `configuration.yaml` or the corresponding environment variable `POSEIDON_SERVER_TOKEN`.
 
-Once configured, all requests to the API, except the `health` route require the configured token in the `X-Poseidon-Token` header.
+Once configured, all requests to the API, except the `health` route require the configured token in the `Poseidon-Token` header.
 
 An example `curl` command with the configured token being `SECRET` looks as follows:
 
 ```bash
-$ curl -H "X-Poseidon-Token: SECRET" http://localhost:7200/api/v1/some-protected-route
+$ curl -H "Poseidon-Token: SECRET" http://localhost:7200/api/v1/some-protected-route
 ```
 
 ### Nomad

internal/api/auth/auth.go

@@ -9,7 +9,7 @@ import (
 
 var log = logging.GetLogger("api/auth")
 
-const TokenHeader = "X-Poseidon-Token"
+const TokenHeader = "Poseidon-Token"
 
 var correctAuthenticationToken []byte